1 files changed, 19 insertions, 0 deletions
diff --git a/ymir.nix b/ymir.nix
index fbe45e03..dd2c35c7 100644
--- a/ymir.nix
+++ b/ymir.nix
@@ -959,4 +959,23 @@ in rec {
  systemd.status-mail = {
    onFailure = [ "nixos-upgrade" "postfix" "dovecot2" "prosody" "opendkim" "nsd" "unbound" "tinc.yggdrasil" "postsrsd" ];
  };
+  services.vsftpd = {
+    enable = true;
+    forceLocalLoginSSL = true;
+    forceLocalDataSSL = true;
+    localUsers = true;
+    writeEnable = true;
+    chrootLocalUser = true;
+    rsaKeyFile = "/var/lib/acme/yggdrasil.li/key.pem";
+    rsaCertFile = "/var/lib/acme/yggdrasil.li/fullchain.pem";
+    extraConfig = ''
+      pam_service_name=vsftpd
+    '';
+  };
+  security.pam.services."vsftpd".text = ''
+    auth requisite  pam_succeed_if.so user ingroup ftp
+    auth required   pam_unix.so audit
+  '';
 }

diff --git a/ymir.nix b/ymir.nix index fbe45e03..dd2c35c7 100644 --- a/ymir.nix +++ b/ymir.nix
@@ -959,4 +959,23 @@ in rec {
959	systemd.status-mail = {	959	systemd.status-mail = {
960	onFailure = [ "nixos-upgrade" "postfix" "dovecot2" "prosody" "opendkim" "nsd" "unbound" "tinc.yggdrasil" "postsrsd" ];	960	onFailure = [ "nixos-upgrade" "postfix" "dovecot2" "prosody" "opendkim" "nsd" "unbound" "tinc.yggdrasil" "postsrsd" ];
961	};	961	};
		962
		963	services.vsftpd = {
		964	enable = true;
		965	forceLocalLoginSSL = true;
		966	forceLocalDataSSL = true;
		967	localUsers = true;
		968	writeEnable = true;
		969	chrootLocalUser = true;
		970	rsaKeyFile = "/var/lib/acme/yggdrasil.li/key.pem";
		971	rsaCertFile = "/var/lib/acme/yggdrasil.li/fullchain.pem";
		972	extraConfig = ''
		973	pam_service_name=vsftpd
		974	'';
		975	};
		976
		977	security.pam.services."vsftpd".text = ''
		978	auth requisite pam_succeed_if.so user ingroup ftp
		979	auth required pam_unix.so audit
		980	'';
962	}	981	}